The Techniques of Data Encryption

We are at a time when the widespread connectivity has put us into more risk than ever before. The consequence is devastating when the data falls into the wrong hands. One of the best ways that have been highly recommended by security professionals is encryption. Encryption is a security mechanism that converts data into an unintelligible form (Stallings et al., 2012). Selecting the right encryption tools depends on many factors. For instance, data at rest which include data in file servers, databases, and backup media requires a different encryption mechanism from data in motion. Similarly, data in use which is mostly found at the user endpoints including laptops, or mobile devices need a different encryption technique (Taylor, Fritsch & Liederbach, 2014).

I would advise my employer first to consider whether the data is in motion, use or at rest. When the data is in use, it is probably on laptops or mobile devices. In this state, more than 80% of the data threats are related to physical loss or human error. The best type of encryption for this type of data is full disk encryption (Taylor et al., 2014). The full disk encryption offers a higher level of assurance than other methods of encryption. The advantage of using this type of encryption is that it is simple, transparent to users and has little impact on the end users experience.

When the data is at rest, I would advise my employer to utilize file-level encryption. Data at rest, in this case, refers to data stored in the file servers, cloud-based storage, and network storages. Data at rest is vulnerable to external threats such as hacking, insider threats such as misuse through identity theft or human errors. File-level encryption makes use of software agents installed on the computer operating system to offers security controls (Connolly, 2015). The software agents can intercept the write and read calls to the disk and enforce policies to find out whether data should be encrypted. It is one of the most transparent encryption techniques that eliminate the need for the organization to customize its applications. Furthermore, its security controls are also tough on privileged users. With file-level encryption, the organization can easily detect breach since it offers monitoring logs with SIEM integration (Connolly, 2015).

I would advise my employer to use end to end encryption on data that is in motion or on transit. Data on the move is susceptible to eavesdropping where malicious people intercept the data for personal gains. The end to end encryption obscures the messages so that only the sender and the receiver can read and understand the contents (Stallings et al., 2012). It handles all the vulnerabilities on transit be it on the middle or at the endpoints. I would also advise my employer to use encrypted web connections through HTTPS during the transfer of data from one system to another (Taylor et al., 2014). An encrypted web connection makes use of secure sockets layer protocols to ensure web communications are secure. Both browser and server use the secure socket layer encryption key to authorize the access of data that is passed between them.

References

1. Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer Security: Principles and Practice (pp. 978-0). Upper Saddle River (NJ: Pearson Education.
2. Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital Crime and Digital Terrorism. Prentice Hall Press.
3. Connolly, R. (2015). Fundamentals of Web Development. Pearson Education.